TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

781

782

783

784

785

786

787

788

789

790

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

786

Signature ID: 34300

IPlanet GETATTRIBUTENAMES attempt

Threat Level: Critical

Industry ID: CVE-2001-0746 CVE-2001-0747 Bugtraq: 2732

Signature Description: Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier

allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI

with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods.

Signature ID: 34302

Microsoft OLE Automation SubstringData Integer Overflow (MS07-043)

Threat Level: Critical

Industry ID: CVE-2007-2224 Bugtraq: 25282

Signature Description: This issue is caused by an error in the Object linking and embedding (OLE) Automation when

processing specially crafted script requests, causes an integer overflow error in the substringData() method of an

XMLDOM/TextNode JavaScript object. This can be exploited to cause a heap-based buffer overflow via specially

crafted arguments passed to the affected method. Successful exploitation may allow execution of arbitrary code when a

user visits a malicious website.

Signature ID: 34307

Trend Micro ServerProtect TMregChange() Stack Overflow

Threat Level: Severe

Industry ID: CVE-2007-4731

Signature Description: The specific flaw exists within the routine TMregChange() exported by TMReg.dll which is

reachable through the custom protocol subcode "\x15\x00\x00\x00". The TCP socket bound to port 5005 receives user-

supplied data which is copied without proper bounds checking to a stack-based buffer. Thereby resulting in an

exploitable condition.This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of

Trend Micro Server Protect. Authentication is not required to exploit this test vulnerability.

Signature ID: 34312

HTTP Firefox About Blank Spoof Vulnerability (UI spoofing)

Threat Level: Warning

Industry ID: CVE-2007-1004 Bugtraq: 22601

Signature Description: Mozilla Firefox is a web browser descended from the Mozilla Application Suite, managed by

the Mozilla Corporation. Firefox uses the open-source Gecko layout engine, which implements some current Web

standards plus a few features which are intended to anticipate likely additions to the standards. It is possible for a script

to open about:blank URL in a new tab, this tab will be opened with a blank address bar. The script can then interact

with this document as if it were a page in the same domain, including the ability to inject custom HTML. In UI

spoofing a window was opened without URL bar and menus, the attacker could use strategically placed graphics and

HTML controls (or XUL code) so that the URL bar will read something, while an IFRAME below could display

another web location.

Signature ID: 34316

Sun StarOffice, StarSuite and OpenOffice TIFF File Integer Overflow

Threat Level: Minor

Industry ID: CVE-2007-2834

Bugtraq: 25690

Signature Description: OpenOffice.org is an office application suite available for a number of different computer

operating systems. It supports all the OpenDocument standard file formats, as well as Microsoft Office 97-2003

formats. OpenOffice OpenOffice 2.2.1, Ubuntu Ubuntu Linux 7.04 and prior versions are vulnerable to the heap based